package web.war.mechanisms.applbasic;

import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.logging.Logger;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import javax.security.auth.Subject;
import javax.security.enterprise.AuthenticationException;
import javax.security.enterprise.AuthenticationStatus;
import javax.security.enterprise.authentication.mechanism.http.AuthenticationParameters;
import javax.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism;
import javax.security.enterprise.authentication.mechanism.http.HttpMessageContext;
import javax.security.enterprise.credential.BasicAuthenticationCredential;
import javax.security.enterprise.credential.Credential;
import javax.security.enterprise.identitystore.CredentialValidationResult;
import javax.security.enterprise.identitystore.IdentityStoreHandler;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

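/**
 * Application-provided HTTP Basic authentication mechanism.
 *
 * <p>Credentials come either from the {@link AuthenticationParameters} of a programmatic
 * authentication request or from the {@code Authorization} request header, and are validated
 * through the injected {@link IdentityStoreHandler}. When no header is present on a protected
 * or explicitly authenticating request, a {@code 401} challenge for realm
 * {@code CustomBasicRealm} is sent.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Basic credentials are only Base64-encoded, not encrypted. Nothing in this class checks
 *       that the request arrived over a secure channel, so transport protection has to be
 *       enforced elsewhere (deployment descriptor / server configuration).</li>
 *   <li>Trace and log statements in this class deliberately avoid emitting the decoded header
 *       or the credential object.</li>
 * </ul>
 */
@ApplicationScoped
/* loaded from: input_file:web/war/mechanisms/applbasic/CustomBasicAuthMech.class */
public class CustomBasicAuthMech implements HttpAuthenticationMechanism {
    protected static String sourceClass = CustomBasicAuthMech.class.getName();

    private static final String AUTHORIZATION_HEADER = "Authorization";
    private static final String BASIC_PREFIX = "Basic ";
    private static final String AUTH_TYPE_KEY = "javax.servlet.http.authType";
    private static final String AUTH_TYPE_VALUE = "SERVLET10_AUTH_MECH";

    private final Logger logger = Logger.getLogger(sourceClass);
    private final String realmName = "CustomBasicRealm";

    @Inject
    private IdentityStoreHandler identityStoreHandler;

    /**
     * Authenticates the current request.
     *
     * @param httpServletRequest the incoming request (the header is read from the request held
     *     by {@code httpMessageContext}, as in the original implementation)
     * @param httpServletResponse the outgoing response
     * @param httpMessageContext container context for this authentication exchange
     * @return {@code SUCCESS}/{@code NOT_DONE}/{@code SEND_FAILURE} from credential validation,
     *     {@code SEND_CONTINUE} when a challenge was written, or {@code NOT_DONE} for an
     *     unprotected resource requested without an {@code Authorization} header
     * @throws AuthenticationException declared by the interface; propagated from header handling
     */
    @Override
    public AuthenticationStatus validateRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HttpMessageContext httpMessageContext) throws AuthenticationException {
        this.logger.entering(sourceClass, "validateRequest", new Object[]{httpServletRequest, httpServletResponse, httpMessageContext});
        Subject clientSubject = httpMessageContext.getClientSubject();
        String header = httpMessageContext.getRequest().getHeader(AUTHORIZATION_HEADER);

        AuthenticationStatus status;
        if (httpMessageContext.isAuthenticationRequest()) {
            AuthenticationParameters authParameters = httpMessageContext.getAuthParameters();
            if (authParameters != null) {
                // NOTE(review): getCredential() may be null when the caller supplied parameters
                // without a credential; that null is handed to the identity store as-is and the
                // Authorization header is not consulted on this path. Confirm this is intended.
                status = validateWithIdentityStore(clientSubject, authParameters.getCredential(), this.identityStoreHandler, httpMessageContext);
                if (status == AuthenticationStatus.SUCCESS) {
                    recordAuthType(httpMessageContext);
                }
            } else if (header != null) {
                status = handleAuthorizationHeader(header, clientSubject, httpMessageContext);
            } else {
                status = setChallengeAuthorizationHeader(httpMessageContext.getResponse());
            }
        } else if (header != null) {
            // A header is evaluated even for unprotected resources.
            status = handleAuthorizationHeader(header, clientSubject, httpMessageContext);
        } else if (httpMessageContext.isProtected()) {
            status = setChallengeAuthorizationHeader(httpMessageContext.getResponse());
        } else {
            status = AuthenticationStatus.NOT_DONE;
        }

        this.logger.exiting(sourceClass, "validateRequest", status);
        return status;
    }

    /** Stores the auth type reported for the request in the message-info map after a successful login. */
    private void recordAuthType(HttpMessageContext httpMessageContext) {
        httpMessageContext.getMessageInfo().getMap().put(AUTH_TYPE_KEY, AUTH_TYPE_VALUE);
    }

    /**
     * Writes the Basic challenge: a {@code WWW-Authenticate} header for this realm and status 401.
     *
     * @return always {@code SEND_CONTINUE}
     */
    private AuthenticationStatus setChallengeAuthorizationHeader(HttpServletResponse httpServletResponse) {
        httpServletResponse.setHeader("WWW-Authenticate", "Basic realm=\"" + this.realmName + "\"");
        httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        return AuthenticationStatus.SEND_CONTINUE;
    }

    /**
     * Validates the credentials carried in an {@code Authorization} header.
     *
     * <p>Any header that does not start with {@code "Basic "}, is not valid Base64, or does not
     * decode to {@code user:password} with both parts non-empty fails closed with
     * {@code SEND_FAILURE} and never reaches the identity store.
     *
     * @param str the raw {@code Authorization} header value (non-null)
     * @return the identity-store outcome, or {@code SEND_FAILURE} for a rejected header
     */
    private AuthenticationStatus handleAuthorizationHeader(String str, Subject subject, HttpMessageContext httpMessageContext) throws AuthenticationException {
        // NOTE(review): the scheme match is case-sensitive and expects exactly one space, so
        // e.g. "basic ..." is rejected. That fails closed, but is stricter than HTTP requires.
        if (!str.startsWith(BASIC_PREFIX)) {
            return AuthenticationStatus.SEND_FAILURE;
        }
        String encoded = str.substring(BASIC_PREFIX.length());
        if (!isAuthorizationHeaderValid(decodeCookieString(encoded))) {
            // The message intentionally carries no part of the header.
            this.logger.info("Basic Auth header is not valid.");
            return AuthenticationStatus.SEND_FAILURE;
        }
        // The still-encoded value is passed on; BasicAuthenticationCredential decodes it itself.
        AuthenticationStatus status = validateWithIdentityStore(subject, new BasicAuthenticationCredential(encoded), this.identityStoreHandler, httpMessageContext);
        if (status == AuthenticationStatus.SUCCESS) {
            recordAuthType(httpMessageContext);
        }
        return status;
    }

    /**
     * Base64-decodes the credential part of the {@code Authorization} header (despite the name,
     * no cookie is involved).
     *
     * @return the decoded text, or {@code null} when the input is not valid Base64
     */
    private String decodeCookieString(String str) {
        try {
            // Explicit charset so the result does not depend on the JVM's platform default.
            return new String(Base64.getDecoder().decode(str), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            // Malformed input is client-controlled: report it through the logger at a low level
            // instead of dumping a stack trace to stderr, and never include the value itself.
            this.logger.fine("Authorization header value is not valid Base64.");
            return null;
        }
    }

    /**
     * Checks that the decoded header has the shape {@code user:password}.
     *
     * @return {@code true} only if the text is non-empty and its first {@code ':'} is neither
     *     the first nor the last character
     */
    private boolean isAuthorizationHeaderValid(String str) {
        if (str == null || str.isEmpty()) {
            return false;
        }
        int colon = str.indexOf(':');
        return colon > 0 && colon != str.length() - 1;
    }

    /**
     * Validates a credential and maps the result to an {@link AuthenticationStatus}.
     *
     * @return the container's answer from {@code notifyContainerAboutLogin} when the credential
     *     is {@code VALID}, {@code NOT_DONE} when no store validated it, and
     *     {@code SEND_FAILURE} for every other status
     */
    private AuthenticationStatus validateWithIdentityStore(Subject subject, Credential credential, IdentityStoreHandler identityStoreHandler, HttpMessageContext httpMessageContext) {
        // Trace only the credential's type: whether a Credential implementation's toString()
        // exposes secret material is not visible from here, so the object itself is kept out of
        // the trace.
        String credentialType = credential == null ? null : credential.getClass().getName();
        this.logger.entering(sourceClass, "validateWithIdentityStore", new Object[]{subject, credentialType, httpMessageContext});

        AuthenticationStatus authenticationStatus = AuthenticationStatus.SEND_FAILURE;
        CredentialValidationResult validate = identityStoreHandler.validate(credential);
        if (validate.getStatus() == CredentialValidationResult.Status.VALID) {
            authenticationStatus = httpMessageContext.notifyContainerAboutLogin(validate);
        } else if (validate.getStatus() == CredentialValidationResult.Status.NOT_VALIDATED) {
            authenticationStatus = AuthenticationStatus.NOT_DONE;
        }

        this.logger.exiting(sourceClass, "validateWithIdentityStore", authenticationStatus);
        return authenticationStatus;
    }
}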
